ovs-bugtool: Turn off "group" and "other" permissions for generated files.
author Ben Pfaff <blp@nicira.com>
Tue, 12 Jul 2011 16:38:12 +0000 (09:38 -0700)
committer Ben Pfaff <blp@nicira.com>
Tue, 12 Jul 2011 16:38:12 +0000 (09:38 -0700)
ovs-bugtool's output is potentially sensitive, so it seems best not to
allow anyone but the owner to read it.  This commit disables "group" and
"other" bits in the Unix ACL.

utilities/ovs-bugtool

index 4f0038e..61cc3ca 100755 (executable)
@@ -898,7 +898,9 @@ def make_tar(subdir, suffix, output_fd, output_file):
             filename = "%s/%s.%s" % (BUG_DIR, subdir, suffix)
         else:
             filename = output_file
+        old_umask = os.umask(0077)
         tf = tarfile.open(filename, mode)
+        os.umask(old_umask)
     else:
         tf = tarfile.open(None, 'w', os.fdopen(output_fd, 'a'))
 
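Review bot: The umask restore after `tf = tarfile.open(filename, mode)` is not exception-safe: if tarfile.open raises, `os.umask(old_umask)` never runs and the rest of the process keeps running with umask 0077. Wrap the open in try/finally so the old mask is always restored. Note also that the else branch writing to output_fd is untouched here, so the permissions of that output stay whatever the caller set up on the descriptor.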
@@ -939,7 +941,9 @@ def make_zip(subdir, output_file):
         filename = "%s/%s.zip" % (BUG_DIR, subdir)
     else:
         filename = output_file
+    old_umask = os.umask(0077)
     zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)
+    os.umask(old_umask)
 
     try:
         for (k, v) in data.items():
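Review bot: The umask set before `zf = zipfile.ZipFile(filename, 'w', zipfile.ZIP_DEFLATED)` only affects a file that this call creates; when `filename = output_file` names a file that already exists, it is truncated and keeps its existing mode, so "group" and "other" bits can remain set. Consider an explicit os.chmod on the file after opening, or creating it with os.open and an owner-only mode. The same set/open/restore sequence appears in make_tar, so a small shared helper would keep the two call sites consistent.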